[DEPRECATED] Using Management MRF

IMPORTANT! This feature has been deprecated. Use the management VRF feature instead.

How Management MRF Works

Management MRF (multiple routing tables and forwarding) is an experimental feature in Cumulus Linux 2.5.3. It works by creating two routing tables within the Linux kernel:

main: This is the routing table for all the data plane switch ports.

mgmt: This is the routing table for eth0.

Management MRF assumes all traffic generated by the switch (except via Quagga) will exit eth0 by default, so unless there is application-level intervention, any packet generated by an application on the switch will only reference the eth0 routing table.

For example, if the switch is responding to an inbound SSH connection or inbound ping, management MRF does not assume that this traffic exits via eth0. However, if you SSH from the switch outbound, then management MRF assumes the traffic exits eth0.

For traffic to use a switch port, either the switch port must be defined in the software configuration or the software package must be extended.

For any inbound connections on a switch port, management MRF works as expected without any modifications or changes.

More details are provided below, but in general:

If you want the application to use eth0, it works as expected.

If you want the application to use a switch port, additional configuration may be required.

Using ping or traceroute

By default, issuing a ping or traceroute assumes the packet should be sent to eth0. If you wish to use ping or traceroute through a switch port, use the -m flag for ping and --fwmark=254 for traceroute. 254 is the main routing table; these options tell ping and traceroute to use that table instead of the mgmt table. For example:

ping -m 254 192.168.1.1

or

sudo traceroute --fwmark=254 192.168.1.1

OSPF and BGP

No changes are required for either BGP or OSPF. Quagga has been updated in Cumulus Linux 2.5.3 to be aware of the management MRF and automatically sends packets based on the switch port routing table. This includes BGP peering via loopback interfaces. BGP does routing lookups in the default table.

SNMP and sFlow

Neither SNMP nor sFlow currently has a method to use a switch port to send data. Traffic for any netflow collectors or SNMP traps is sent out eth0. Cumulus Networks should support switch ports in the future.

Note: For SNMP, this restriction only applies to traps. SNMP polling is not affected.

SSH

If you SSH to the switch through a switch port, it works as expected. If you need to SSH from the device out a switch port, use ssh -b <ip_address_of_swp_port>. For example:

Viewing the Routing Tables

As mentioned earlier, two routing tables now exist. When you look at the routing table with ip route show, you are looking at the switch port (main) table. To look at information about eth0, use ip route show table mgmt.
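
The following is an added example, not part of the original documentation. It models the lookup behavior described on this page: it parses ip route show output for both tables and reports which SNMP trap or sFlow collector addresses have no eth0 route in the mgmt table. The table contents, addresses and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample output (assumption), not captured from a real switch.
MAIN_TABLE = """\
default via 10.1.1.1 dev swp1
10.1.1.0/24 dev swp1 proto kernel scope link src 10.1.1.2
192.168.1.0/24 via 10.1.1.1 dev swp1
"""
MGMT_TABLE = """\
172.16.0.0/24 dev eth0 proto kernel scope link src 172.16.0.10
10.20.0.0/16 via 172.16.0.1 dev eth0
"""

def parse_routes(text):
    """Parse `ip route show` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and routes without an egress device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), dev))
    return routes

def egress_dev(dest, routes):
    """Longest-prefix match; None means no route in this table."""
    addr = ipaddress.ip_address(dest)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches)[1] if matches else None

def lookup(dest, mark=None):
    """Locally generated traffic uses mgmt unless marked 254 (main)."""
    table = MAIN_TABLE if mark == 254 else MGMT_TABLE
    return egress_dev(dest, parse_routes(table))

def unreachable_collectors(collectors):
    """SNMP trap / sFlow targets with no eth0 route in the mgmt table."""
    return [c for c in collectors if lookup(c) != "eth0"]

if __name__ == "__main__":
    print(lookup("192.168.1.1"))            # default lookup uses mgmt
    print(lookup("192.168.1.1", mark=254))  # like ping -m 254
    print(unreachable_collectors(["10.20.5.5", "192.168.1.50"]))
```

A collector flagged here would never receive traps or sFlow samples, because that traffic only consults the mgmt table.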